Cross-Site Scripting (XSS)

2019-05-0205:28:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

50.8%

JSON

Red Hat Satellite 5 is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to pass malicious input via the parameters in admin/BunchDetail.do; and software/packages/NameOverview.do; with the intention of executing arbitrary Javascript code on the victims browser.

CPENameOperatorVersion
spacewalk-javaeq1.7.54__119.el6sat
spacewalk-javaeq1.7.54__126.el6sat
spacewalk-javaeq2.0.2__87.el6sat
spacewalk-javaeq1.7.54__115.el6sat
spacewalk-javaeq2.0.2__89.el6sat
spacewalk-javaeq1.2.39__100.el6sat
spacewalk-javaeq1.2.39__88.el6sat
spacewalk-javaeq2.3.8__108.el6sat
spacewalk-javaeq1.2.39__91.el6sat
spacewalk-javaeq1.7.54__108.el6sat

Name	Operator	Version
spacewalk-java	eq	1.7.54__119.el6sat
spacewalk-java	eq	1.7.54__126.el6sat
spacewalk-java	eq	2.0.2__87.el6sat
spacewalk-java	eq	1.7.54__115.el6sat
spacewalk-java	eq	2.0.2__89.el6sat
spacewalk-java	eq	1.2.39__100.el6sat
spacewalk-java	eq	1.2.39__88.el6sat
spacewalk-java	eq	2.3.8__108.el6sat
spacewalk-java	eq	1.2.39__91.el6sat
spacewalk-java	eq	1.7.54__108.el6sat